Amazon Listing Health Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a mostly coherent Amazon listing audit skill, but users should notice that it can use Bash and persist listing history locally.
This skill appears safe to use for manual listing audits. Before installing, be comfortable with local files being created under ~/amazon-listings/, avoid sharing Amazon credentials or sensitive customer data, and review any Bash command the agent proposes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent proposes Bash commands to create folders or save reports, those commands could affect local files.
The skill grants Bash while also telling the user no tools are required. There is no evidence of destructive or unrelated shell use, but broad shell access is worth noticing.
allowed-tools: Bash ... No API keys needed. No tools required.
Review any Bash command before allowing it, and keep use limited to the disclosed ~/amazon-listings/ workspace.
Private business listing data or Seller Central export details may remain on the local machine and could influence later audits.
The skill explicitly stores listing profiles, audit history, reports, and BSR tracking data in persistent local files.
Creates `~/amazon-listings/` containing: `memory.md` — saved ASIN profiles and audit history; `reports/` — past audit reports; `bsr-log.md` — BSR snapshots
Only save data you are comfortable keeping locally, avoid pasting credentials or customer data, and periodically review or delete the ~/amazon-listings/ files if no longer needed.